From 237ce065b93e3f12cea31406e698bec4c146fca4 Mon Sep 17 00:00:00 2001 From: plegall Date: Sat, 7 Apr 2012 21:12:25 +0000 Subject: bug 2612 fixed: sanitize $_GET['installstatus'] before display for themes/languages/plugins installation git-svn-id: http://piwigo.org/svn/branches/2.3@13961 68402e56-0260-453c-a942-63ccdbb3a9ee --- admin/languages_new.php | 5 +++-- admin/plugins_new.php | 2 +- admin/themes_new.php | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/admin/languages_new.php b/admin/languages_new.php index 4c7804aa5..da0d31bfd 100644 --- a/admin/languages_new.php +++ b/admin/languages_new.php @@ -97,8 +97,9 @@ if (isset($_GET['installstatus'])) break; default: - array_push($page['errors'], - sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus']) + array_push( + $page['errors'], + sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus'])) ); } } diff --git a/admin/plugins_new.php b/admin/plugins_new.php index c623f4c3b..b639a4427 100644 --- a/admin/plugins_new.php +++ b/admin/plugins_new.php @@ -76,7 +76,7 @@ if (isset($_GET['installstatus'])) default: array_push($page['errors'], - sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus']), + sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus'])), l10n('Please check "plugins" folder and sub-folders permissions (CHMOD).')); } } diff --git a/admin/themes_new.php b/admin/themes_new.php index 542d8a79f..f71d87890 100644 --- a/admin/themes_new.php +++ b/admin/themes_new.php @@ -102,7 +102,7 @@ if (isset($_GET['installstatus'])) default: array_push( $page['errors'], - sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus']) + sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus'])) ); } } -- cgit v1.2.3